No it isn't. The 9th circuit court is by far the largest appellate court in the country, so while it has the most appeals overturned, it also has the most cases. By percentage it's actually in the middle of the pack.

I'm not even convinced he was trying to be deceptive. Maybe the AC simply doesn't get it. Or stopped reading the reply half-way through, as he was satisfied with himself.

Regardless, the subtlety pointed out by AuMatar is very disappointingly very hard to understand by a large portion of the population. Yes, I know, citation needed, but I can only give my own experience and observation as reference. Every time I face this situation, I turn out highly disappointed - in what exactly I don't know, but i'm just

Did you not understand the parent's post at all? It doesn't matter that you 'exactly said something' if you fail to grasp basic mathematics enough to realize that the total number of appeals is fucking meaningless metric by itself.

And therefor, violating a TOS can't automatically be seen as criminal activity. Kudos to the Ninth Circuit Court of Appeals for having their head on straight.

Actually, the question is whether the law on the books that makes it illegal if an action "exceeds authorized access" applies to TOS violations, since the TOS outline what counts as authorized access. You can argue very easily that using a service in a manner that breaks the TOS does, in fact, violate the law (by exceeding what you were authorized in the TOS), but this court argues that the language is somewhat ambiguous and in the case of criminal law, you should always err on the side of leniency unless Congress makes itself clear. Basically, an action cannot be criminal unless the law clearly and explicitly states it is.

The case has nothing to do with corporations ability to make an action illegal, specifically, but rather whether an action (violating the TOS) is already criminal under the current law. Agreed about the court having it's head on straight, this judge seems extremely rational.

You seem to be thinking of EULAs, which are different from TOS. Terms of Service are for... well, services that you run on computers (notably, in this case, computers you do not own, such as using Facebook). For example, Facebook can have it in their TOS that you cannot host, say, a picture of your butt on Facebook. If the Computer Fraud and Abuse Act was interpreted broadly, it could be a crime to put such a picture on their servers (it would count as "unauthorized access"). Making backup copies of softwar

I'm not sure exactly what you mean. I think in this case the question is whether an action that effectively takes place on a server you do not own, that happens to violate the TOS of whatever service you took the action under, counts as "unauthorized access" of that server. For example, uploading porn to Facebook (I presume that is against their TOS, anyways). In that case, Facebook could argue that they did not authorize you to upload porn, and therefore you accessed their server in an unauthorized fashion

Reading the law as widely as possible would mean I'm breaking federal law by setting up a second gmail account, or not using my real name on facebook. This clearly wasn't the intent of the law. It was a reaction to hackers breaking into systems that they had absolutely no rights to at all. At the time, public access services weren't that common. Those that were typically had a TOS agreement that was fairly narrow in scope.

The law could theoretically give the power of making things illegal to a corporation. but probably such a law would need to be written in such a way that it was clear that the corporation has that power, and which corporation it was, and how that corporation performs this task. So that way it is not vague as to whether or not any particular action was illegal.

even if facebook happened to have clearly written TOS that themselves are not vague. that doesn't guarantee that the statute isn't also enforcing cr

1. Accessing a computer system without authorisation from the owner is a crime.
2. A ToS specifies what a user can do, and upon violation becomes invalid - thus, the user is no longer authorised, legally. Even if their account still exists.
3. So any access breaking the ToS is, in legal fact, unauthorised - and indistinguishable from if they had, say, used an exploit or guessed a password. The means by which unauthorised access is granted is legally unimportant - it doesn't matter if it's via sophisticated hacking, script-kiddie work, social engineering, finding someone's password on a postit or pure luck in guessing. The important part is that the user, having broken the ToS, is no longer authorised by the system owner to access that computer system. See point one.

To apply this same idea to meatspace. If I rent an apartment and my lease says no pets but I have a pet anyway should that make me a criminal? I don't think so. Seems like for a couple hundred years the U.S. has considered it a civil matter and I fail to see why it should be any different on a computer. At the same time if I break into an apartment that is criminal, likewise it should be for a computer. Companies are pushing to make breaking a TOS criminal and that's a very scary thing. Especially when they change it whenever they feel like it.

because a TOS is not a valid contract is why the courts have ruled that it's a criminal offense to violate one. Contract law absolutely requires the ability to negotiate both sides, otherwise it's an EULA that is not recognized by half of the United States - the 9th district is in California IIRC

To apply this same idea to meatspace. If I rent an apartment and my lease says no pets but I have a pet anyway should that make me a criminal? I don't think so.

Let's make that a bit clearer. If your lease says "no pets" but you have a pet anyway, does that make you a trespasser? No. You live there, and as long as you live there you are not a trespasser. You may be in violation of your rent agreement, and the landlord may use this to cancel your tenancy agreement, and then ask you to leave, and if you don't leave the landlord may send bailiffs to remove you, but until they remove you, you are not trespassing.

Logically that would be the correct course of action. Set forth a contract of service. You violate said contract, you've lost the right to use the service. Further access to the service is unauthorized, and thus would then fall under the Federal statutes regarding said unauthorized access.

"authorize" is a verb performed by the owner. nothing in the statute says a TOS document can perform this task. So the court can't simply assume it. It is criminal law.

So the issue is whether the owner authorized something. And it is pretty clear that if the owner put a computer up for people from the public to use, then the owner authorized them to use it. or else authorized them to authorize themselves. He can't authorize a computer to authorize anyone, nor a TOS.

They buy the politicians, and the politicians pass laws in a way that allows them to structure their policies and contracts in a way that makes violating them a criminally enforceable action, allowing them to use the government's police powers to guarantee compliance to their policies.

Ultimately the US is going to be just like China; same corrupt style of government, complete with in-name-only ideological justifications for repression ("stability" there, "war on terrorism" here), same group of

Don't corporations regularly write into the TOS agreement that they can change the terms with minimal (if any) notification to the customer, thus putting the responsibility of terminating the agreement onto the customer?

They can amend the contract, however, you are allowed to not accept the new version. So for example you're one year into a 2 year contract with AT&T, and they change the terms. You are now free to walk away. Because of this they usually grandfather in people who are in existing contracts.

If a corporation can unilaterally change a TOS agreement AFTER someone has signed up for the service (which they do all the time), how can anybody then claim that violating it is a criminal offense?

Even more, how can a corporation (say: JoeMerchantCorp) create a TOS and then get the police and courts of the land to enforce it for them? My TOS can state that you must dance on your hands naked in the waiting room after a late payment or your account will be revoked... and it can be a criminal offence to violate it?

At what point does unconscionable start? AT&T tripled their rates without telling me until I got the bill - should I have to pay that triple expected bill? How about 10x? How about 100x? Where's the line?

TOS are modified at a dizzying pace, if there were one TOS to read for a service per 10 years and 10 services with TOS in your average daily life, sure, that's fine. As it is, I have 2 hours of reading a month to do for my PS3, another 3-4 for my Apple products, about 10 hours a month for the variou

"An unconscionable contract is one that no person who is mentally competent would enter into and that no fair and honest person would accept."

You're probably stuck with your contracts so long as your carrier is able to attract significant numbers of new people to sign on to the same terms, as that pretty much blows the unconscionable requirements.

Personally, I don't use any services with frequent TOS changes. It's not that hard to avoid.

Geeknet, Inc. comprised of the internet sites Geek.net, Sourceforge.net, Slashdot.org, ThinkGeek.com, and freecode.com (the "Sites"), provides the information and services on the Sites to you, the user, conditioned upon your acceptance, without modification, of the terms and conditions of use applicable to such Sites. Your use of any of the other Sites constitutes agreeme

Yeah, there's no chance of that holding up, particularly since they've never forced me to see either the use requirement or the actual contract. Click-through has a small chance of holding up, but this? None.

Yeah, there's no chance of that holding up, particularly since they've never forced me to see either the use requirement or the actual contract. Click-through has a small chance of holding up, but this? None.

And, what I intensely dislike about that is that, regardless of merit, suit can still be brought and you are compelled to defend, and usually appear. In my opinion, just being compelled to appear is a major nuisance.

Having all this, presently, meritless basis for suit generated as regular course of business should be in some way discouraged. A few bad decisions out of the courts could basically strip everyone of their rights by making everyone criminals due to violation of B.S. TOS (yes, it should be a ci

My solution if things are headed that way will be to set up my own terms of service for sending me web pages over my internet connection. I will make sure my terms are at least equally visible and available.

So? Laws change unilaterally all the time too, it doesn't make them ex post facto. Only if the corporation takes action against a user over a violation of the new TOS that ocurred before the new TOS was instated (and agreed to by the user). Only then would it be ex post facto.

No; trespassing is a criminal matter, not a civil one (unless we're talking trespass to chattels, which you are not). "Analogy" implies a commonality.

A real meatspace analogy would be if you offered me access to your property in writing, then at some point changed the contract to revoke my access.

The difference is, with a written (paper) contract between two individuals, changing the terms requires the physical signature of both parties; in terms of service, one party can unilaterally change their policy,

Lower courts have held that violating a (basically TOS) is a crime? Is there ever real world logic applied to these decisions or is it basically (let's rewrite every law when it applies to the internet).
"What are you in for?"
"Leaving food stuffs in the fridge after 5pm on friday, clearly against company policy".

Not just a crime, a felony crime. Which means being convicted of ToS violations not only takes away your physical freedom, but also damages your ability to find a job upon release, makes it impossible to own a gun, removes your right to vote (although some states restore that right after a prescribed period of time), and all the other wonderful disadvantages that come with being a convicted felon.

Fortunately it does at least require that it be a TOS violation "with intent to defraud", which provides a bit higher burden of proof. It's still better not to have the CFAA in this mess at all, though. If you want to ban fraud, then write a law banning fraud (which already exist, naturally), not criminalize random things just because "with a computer" is tacked on.

It's a civil matter known as breach of contract, the solution for which is getting sued.

Now if you were forging a mac address in an attempt to masquerade as another subscriber, or hacked the service to get free internet or evade a service termination, that would be different and probably *would* qualify as criminal.

Breaking TOS and having your service yoinked is like going shopping at a grocery store and getting thrown out by security for swearing, or like ge

Without any contract, you have no authority access. If you breech the contract, you have no authorization to access. Access without authorization is a felony.

I tend to agree that the other courts were probably right. Whether or not the Computer Fraud and Abuse Act is too broad is another matter and something for higher courts and the legislative branch to determine.

I've discussed this many times. Any while your interpretation could be valid, I most strongly disagree with it. I agree with the OP and the 9th CC, this is not a crime, it's a contract dispute, which makes it a civil case, not a criminal case. That's how it should be handled, breach of contract.

Consider what happens if it's the other way around, what if the company violates their responsibilities under the TOS? Is that automatically a crime? No. In some cases, if you can show they were willfully misleading,

Consider what happens if it's the other way around, what if the company violates their responsibilities under the TOS? Is that automatically a crime? No. In some cases, if you can show they were willfully misleading, to a large group of customers, then it might be treated as criminal fraud. But the company violating the TOS is not automatically a crime, it's a civil breach of contract.

I'd have an attorney read over the TOS before suing, though. I've read some that have a clause saying that by using the se

Consider what happens if it's the other way around, what if the company violates their responsibilities under the TOS? Is that automatically a crime? No. In some cases, if you can show they were willfully misleading, to a large group of customers, then it might be treated as criminal fraud. But the company violating the TOS is not automatically a crime, it's a civil breach of contract.

I'd have an attorney read over the TOS before suing, though. I've read some that have a clause saying that by using the service I accept the TOS and agree to hold the provider blameless in anything that may come up, up to and including the Second Coming of Elvis.

I'm not a lawyer and this isn't legal advice, yadda yadda. Owing to the legally protected freedom of speech, they may write whatever they want into a document. That doesn't necessarily mean it will hold up in court. Some states are better than others about rejecting unreasonable clauses in such contracts.

You do know that "basically" and "same" have very different meanings right?
The point is that neither of them (should) carry a criminal penalty for the violation of them unless the violation actually violates the law. The problem here is that they are using their *policy* to stipulate what is illegal.....using very ambiguous overreaching laws. Even though using criminal courts in place of civil is all the new rage.

Exactly what does it change?
They're both loose "contracts" on what is authorized for the service/network/etc.
Using horribly vague, ambiguous and broad laws to cover civil matters (especially big corporate civil matters) is a crazy concept that people seem to just ignore as "welp don't break the law" until they get snagged up in it.

No. The fact that is an employer/employee type setup doesn't change a thing. An employee violating a company policy in regards to accessing information they are authorized to to access via their computer credentials isn't a violation of the CFAA. Let's take another CFAA case involving the Social Security Adminstration. Certain employees in the SSA have access to personal information of people in regards to SSN payroll deductions, benefit payouts, etc. They have authorization via their computer credentials to look at virtually anyone's personal information. But the SSA has policies in place they speel out when it is proper to access that personal information. When an employee is working a case that is assignment to them, they policies says they can access personal information about persons related to that case as an example.

Now if an SSA employee starts to just access information about celebrities or other persons in the new just because they are curious. They would be a clear violation of SSA policy. Remember that the employee's credentials allow access to virtually anyone. The employee used their assignen credentials to access the information. They didn't breach any technological measure to access the measure. They didn't "hack" to gain access to the information. Their access is a violation of SSA policies, may be violations of criminal statutes of misusing government data, violations of the Privacy Act, etc. But their access was not a violation of the CFAA. That was what the 9th Circuit ruled on.

The 9th Circuit got this one right. Yes, I'm shocked as much as you are. If this ruling goes to the US Supreme Court, I don't think it'll be overruled.

It doesn't change anything, as the decision notes. The question is whether exceeding authorization to use a computer, by violating the terms of a policy authorizing you to use that computer, is a federal crime. Whether the policy is a workplace policy for employee usage of computers, or a user policy for customer usage of computers, doesn't make a difference.

This gets into sticky areas like "How many near-simultaneous "requests" for my PUBLICLY ACCESSIBLE SERVICE constitutes "popular" versus a denial-of-service attack?" In effect, the slashdot effect could be deemed a federal felony offense if the law stands. SCOTUS will likely have to take it up.

In other words, the fate of our technological freedom is in the hands of 9 dinosaurs who are of the generation that honestly believes the internet is made up of physically interconnected tubes?

So you're not in jail. Big deal. They can still take all your money via the civil courts. Then you're homeless. It's like jail except that the cell has poor climate control and the 3 hots and a cot are unreliable. Nothing will change until civil suits are reformed. For starters, guaranteed right to a jury trial with the possibility of nullification required to be informed to the jury from the bench (not the bench lying and saying that it doesn't exist). Also, reasonable doubt, not prepoderance. Also, no civil trial for the same matter already settled in criminal courts.

Wow, it might actually be a free country again if we could pull that off. Oh and look, I expressed it in one paragraph that everybody can understand. Just like back in the 1700s. Imagine that!

In a recent Florida case, after an employee sued her employer forwrongful termination, the company counterclaimed that plaintiff violatedsection 1030(a)(2)(C) by making personal use of the Internet at work --checking Facebook and sending personal email -- in violation of companypolicy. See Lee v. PMSI, Inc., No. 8:10-cv-2904-T-23TBM, 2011 WL1742028 (M.D. Fla. May 6, 2011). The district court dismissed the counterclaim,but it could not have done so if "exceeds authorized access"included viola

That has not changed, unless the HR asshole has Facebook he never had a TOS with FB so he could always(and still can) demand your account details. You would however be in breach of the TOS if you gave it to said HR asshole so you would be the one tossed in jail.

BUT what has not changed is the fact that if said HR asshole did access FB(with your account details) without having a contract with FB in the first place it will still be a felony.
Things gets muddy if he has his own Facebook since he would techni

Allow me to play devil's advocate here: what is to say they don't arrest you for giving the information out? Asking for it probably doesn't violate the TOS. Either giving it out, or using it are more likely to violate it.

It's not just the asshole who demands your Facebook login that gets charged with counselling a felony. You can also go after the asshole who set the policy (usually further up the food chain). Now that should get the attention of legal (especially if it was legal who set the policy).

So, those employers that demand access to your social networking accounts, or, say, bank accounts, personal e-mail accounts, etc. They get a free pass at violating those sites' Terms of Use and can sign on with employees' access credentials... NO PROBLEM?

Those companies are not violating the TOS, the employee is. What the company is doing is worse, the company is arguably accessing without agreeing to the TOS at all, which falls under unauthorized access and is criminal under the Computer Fraud and Abuse Act. I think. IANAL

If you're going to work for a company that expects access to such accounts, then I would think that your best course of action is to just not have any such accounts. Even better is to just not work at such a company.

In at-will states, employers can fire you for pretty damn near any reason they want, or no reason at all. I'm pretty sure that not supplying them with access to your facebook account doesn't quality as some form of legal discrimination (even though they might be able to obtain some informat

If you're going to work for a company that expects access to such accounts, then I would think that your best course of action is to just not have any such accounts. Even better is to just not work at such a company.

Tell your employer" I won't give you the keys to my house, my car, my bank accounts nor other personal accounts unless you do the same for me."

Should they agree to this, drain their accounts, take everything from their house that you want, put it in their car and take off for the border. When you get there, post (as them) on their facebook and tweet from their account that they love Hitler and the Nazis, hate minorities and women and are having an affair with someone of the same sex in the workplace. Cha

So, those employers that demand access to your social networking accounts, or, say, bank accounts, personal e-mail accounts, etc. They get a free pass at violating those sites' Terms of Use and can sign on with employees' access credentials... NO PROBLEM?

Not at all. If I give you my Facebook password, then I am in violation of the Facebook TOS - which as discussed is not a crime. But _you_ have no authorization to log into my account. I can give you the password, but I cannot give you the authorization to log in, because it is not my server that you are logging in to. So by accessing my account, using the password I gave you, _you_ are committing the crime of unauthorized access to a computer.

and therefore violating terms of service and corporate use policies is not a federal crime.

If it was a Federal Crime, Basically what it would lead to, is private entities been able to send people to jail for breaking rules not set by the government (ie laws...). If this does start to happen, then the corporations have effectively directly taken over law making in this country, and could even possibly put in jail terms and penlites for breaking their tos's.

I think it's hard to tell whether this is good for consumers (because we have the freedom to do what we want with our programs, etc), or bad for consumers (because it makes things less safe for companies). Either way, I'm happy for now, I guess.

It's not hard to tell at all: being able to throw consumers in jail for ToS violations is most definitely, unquestionably, bad for consumers.

The direct action is obviously negative, the question is whether the indirect incentive more than outweighs that negative. One could argue, for example, that perhaps facebook wouldn't exist if they didn't think this was possible, and facebook is so awesome it outweighs the cost. I wouldn't argue that, but someone could.

One could argue, for example, that perhaps facebook wouldn't exist if they didn't think this was possible, and facebook is so awesome it outweighs the cost. I wouldn't argue that, but someone could.

You and I both.

Besides, yea, one could attempt to make that argument, but it's obvious bullshit; the Zuckerburgs of the world don't give two shits about being able to incarcerate their customers for ToS violations, so long as people keep signing up and the skrilla keeps flowing in.

Wrong on both points: 1) the decision covered ToS in general, not only employer/employee agreements; and 2) the Ninth Circuit has plenty of conservatives on it, with its Chief Judge, who wrote this opinion, being a libertarian-leaning Reagan appointee.